Information Security News mailing list archives
Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 30 May 2013 02:29:03 -0500 (CDT)
http://news.techworld.com/applications/3449583/hackers-exploit-ruby-on-rails-vulnerability-to-compromise-servers-create-botnet/ By Lucian Constantin Techworld.com 29 May 2013Hackers are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a botnet.
The Ruby on Rails development team released a security patch for the vulnerability, which is known as CVE-2013-0156, back in January. However, some server administrators haven't yet updated their Rails installations.
Ruby on Rails is a popular framework for developing Web applications based on the Ruby programming language and is used by websites including Hulu, GroupOn, GitHub and Scribd.
"It's pretty surprising that it's taken this long [for an exploit] to surface in the wild, but less surprising that people are still running vulnerable installations of Rails," said Jeff Jarmoc, a security consultant with security research firm Matasano Security, Tuesday in a blog post.
[...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More!http://www.shopinfosecnews.org
Current thread:
- Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet InfoSec News (May 30)